I'm trying to access a server that is protected with NTLM authentication and requiring a client certificate. I'm authenticating using delegate methods of NSURLConnection, and retrieving results with UIWebview.
I've managed to develop code for NTLM authentication and authentication when server requires a client certificate:
- (void) connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
authMethod = challenge.protectionSpace.authenticationMethod;
if ( [challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust] )
{
[challenge.sender useCredential:[NSURLCredential credentialForTrust: challenge.protectionSpace.serverTrust] forAuthenticationChallenge: challenge];
return;
}
if ( [challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodClientCertificate] )
{
[... code to extract certificate ...]
NSURLCredential *credential = [NSURLCredential credentialWithIdentity:myIdentity certificates:(NSArray*)certsArray persistence:NSURLCredentialPersistencePermanent];
[challenge.sender useCredential:credential forAuthenticationChallenge:challenge];
return;
}
if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodNTLM])
{
NSURLCredential *credential;
credential = [NSURLCredential
credentialWithUser:@"user"
password:@"password"
persistence:NSURLCredentialPersistencePermanent];
[challenge.sender useCredential:credential forAuthenticationChallenge:challenge];
return;
}
[[challenge sender] performDefaultHandlingForAuthenticationChallenge:challenge];
}
Everything works fine when server requires NTLM auth or client certificate separately. When required together, both certificate informations and NTLM credentials are received server-side, but IIS7 returns a 403 page asking for the client certificate...
Something you may need to know is that willSendRequestForAuthenticationChallenge is called four times in this order:
willSendRequestForAuthenticationChallenge: NSURLAuthenticationMethodServerTrust
willSendRequestForAuthenticationChallenge: NSURLAuthenticationMethodClientCertificate
willSendRequestForAuthenticationChallenge: NSURLAuthenticationMethodNTLM
willSendRequestForAuthenticationChallenge: NSURLAuthenticationMethodClientCertificate
If you have any ideas ?
Thanks in advance,
that worked in iOS 7 and doesn't in iOS 8. Are you using iOS 8? Test with iOS 7 (e.g. on simulator) to confirm it is only iOS 8 issue. It has something to do with "stream is sending an event before being opened" error that you might see in log window. Also waiting until it is fixed in iOS, but I still see it in latest 8.2 beta 3.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With